Question HFIH-01
Do you have a formal incident response plan?
| Weight | 15 |
| High Risk | No |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here.
Answering "NO"
State plans to formalize an incident response plan.
Answering "YES"
Summarize or provide a link to your formal incident response plan.
Reason for Question
The vendor's ability to respond effectively (and quickly) to a security incident is of the utmost importance. The size of a vendor's security office will determine their capabilities during a security incident, but the incident response plan will oftentimes determine their effectiveness. Use this response when evaluating other vendor statements, particularly when discussing degraded operation states.
Follow-Up Inquiries
If the vendor does not have an incident response plan, direct them to the NIST Computer Security Incident Handling Guide at https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final.